IN THE CLAIMS 
Claim 1. (Currently Amended) A An industrial network, comprising: 
a local area network; 

one or more programmable logic controllers; and 

a security policy implementation point (SPIP) connected between the local area network 
and the one or more programmable logic controllers to isolate the one or more programmable 
logic controllers and associated factory machines from the local area network, the SPIP being 
configured to participate in a Virtual Private Network (VPN) such that communications with the 
SPIP over the industrial network occur over a VPN tunnel configured to apply policy in the 
control of network access to at least one factory machine. 

Claim 2. (Currently Amended) The industrial network of claim 1, further comprising a 
programmable logic controller connected to the at least one factory machine, and wherein the 
SPIP is integrated with the programmable logic controller and wherein the SPIP is logically 
connected between the local area network and the one or more programmable logic controllers. 

Claim 3. (Currently Amended) The industrial network of claim 1, further comprising a 
programmable logic controller connected to the at least one factory machine, and wherein the 
network contains a plurality of programmable logic controllers, wherein the one or more 
programmable logic controllers are a subset of the plurality of programmable logic controllers, 
and wherein the SPIP interfaces is physically disposed between the local area network and the 
one or more programmable logic controllers. 

Claim 4. (Original) The industrial network of claim 3, wherein the local area network is an 
Ethernet network, wherein the SPIP is configured to communicate with network devices on the 
local area network over the Ethernet network, and wherein the SPIP is configured to 
communicate with the programmable logic controller using a protocol selected from at least one 
of Profibus, Controller Area Network, RS-232, RS-422, and RS-485. 

Claim 5. (Original) The industrial network of claim 1, wherein the local area network includes 
at least one Ethernet switch/router, and wherein the SPIP is included as a blade in the Ethernet 
switch/router. 

Claim 6. (Original) The industrial network of claim 5, wherein the SPIP is configured to 
implement security policy to control network access to at least one PLC connected to the 
Ethernet switch/router through the SPIP. 

Claim 7. (Currently Amended) The industrial network of claim 6, wherein the subnet includes at 
least one programmable logic controller is configured to control the operation of at least one of 
said factory machines, wherein the SPIP is further configured to apply policy to limit access to 
the programmable logic controllers to individuals authorized to access the programmable logic 
controllers and to require authentication on the SPIP before allowing control instructions to pass 
from the local area network through the SPIP to the one or more programmable logic controller. 

Claim 8. (Canceled) 

Claim 9. (Original) The industrial network of claim 1, wherein the industrial network is an 
untrusted network configured to interconnect network services with a plurality of SPIPs 
associated with factory machines, and wherein the network services are configured to enable 
operation of the factory machines to be altered through the industrial network. 

Claim 10. (Currently Amended) The industrial network of claim 1, wherein the SPIP is further 
configured to enable local access to the one or more programmable logic controllers by applying 
t fte t ud e s a local authentication and authorization policy configured to enable the SPIP to enforce 
network policy in connection with attempted local access accesses. 

Claim 11. (Original) The industrial network of claim 10, wherein the local policy comprises: 

a local access policy configured to require authentication and authorization of at least one 
of an user and an accessing electronic device for non-emergency attempts to access the SPIP, and 

an alternate access policy configured to allow access to the SPIP and maintain an audit 
log attendant to a local attempt to access the SPIP. 

Claim 12. (Canceled) 

Claim 13. (Original) The industrial network of claim 12, wherein the SPIP comprises a local 
authentication policy and information associated with authorized users and indicative of 
authorization policy information associated with said at least one factory machine. 

Claim 14. (Currently Amended) A Security Policy Implementation Point (SPIP) for use in an 
industrial network, comprising: 

a local path configured to implement a local access policy related to direct local access to 
one or more programmable logic controllers; and 

a network path connected between the industrial network and the one or more 
programmable logic controllers to control access to the programmable logic controller via the 
industrial network, the network path being configured to isolate the one or more programmable 
logic controllers and associated factory machines from the industrial network by participation in 
a Virtual Private Network such that communications with the SPIP over the industrial network 
occur over a VPN tunnel configured to secure network paths on the industrial network. 

Claim 15. (Currently Amended) The SPIP of claim 15, further comprising programmable logic 
controller circuitry configured to implement the one or more programmable logic controllers and 
to function to control at least one factory machine. 

Claim 16. (Currently Amended) The SPIP of claim 15, wherein the local access policy includes 
enabling access to an associated factory machine to enable operation of the factory machine to be 
altered without verification of authorization and authentication of an user seeking to alter the 
operation during an emergency. 

Claim 17. (Original) The SPIP of claim 16, wherein the local path further co 
accounting module configured to record accesses to at least one of the SPIP, an associated 
programmable logic controller, and an associated factory machine. 

Claim 18. (Original) The SPIP of claim 15, wherein the local path comprises an authentication 
module configured to authenticate the identity of an individual seeking to access a device 
through the SPIP, and an authorization module configured to assess an authorization associated 
with the individual to ascertain whether the individual is authorized to access the device. 

Claim 19. (Original) The SPIP of claim 18, wherein the authorization module is an interface to 
a Lightweight Directory Access Protocol (LDAP) server, and wherein the authentication module 
is an interface to a Remote Access Dial In User Service (RADIUS) server. 

Claim 20. (Original) The SPIP of claim 18, wherein the authentication and authorization 
modules maintain a local copy of authorized users and authentication policy to allow local access 
to the SPIP. 

Claim 21. (Currently Amended) The SPIP of claim 15, wherein the local path comprises a 
virtual private network module configured to participate in a virtual private network tunnel 
established on the industrial network SPIP is configured to apply policy to limit access to the 
programmable logic controllers to individuals authorized to access the programmable logic 
controllers and to require authentication on the SPIP before allowing control instructions to pass 
from the industrial network through the SPIP to the one or more programmable logic controllers. 

Claim 22. (Original) The SPIP of claim 15, further comprising network ports configured to 
interface with the industrial network, and output ports configured to interface with a 
programmable logic controller. 

Claim 23. (Original) The SPIP of claim 22, wherein the network ports are configured to 
communicate on the industrial network utilizing an Ethernet protocol; and wherein the output 
ports are configured to communicate with the programmable logic controller using a protocol 
understandable by the programmable logic controller. 

Claim 24. (Original) The SPIP of claim 15, further comprising network ports configured to 
interface with the industrial network, control logic configured to implement a control program 
associated with a programmable logic controller, and interface ports configured to interface with 
a factory machine. 

Claim 25. (Original) The SPIP of claim 24, wherein the interface ports comprise at least one 
input port configured to receive input from an environmental sensor, and at least one output port 
configured to control at least one electro-mechanical device. 